On Thu, Sep 29, 2011 at 2:46 PM, Sandy Harris <sandyinchina@xxxxxxxxx> wrote:

> I have been thinking about how random(4) might be redesigned ...
>
> ... make the input
> pool use Skein (or another SHA-3 candidate) and the output pools a
> modified counter-mode AES.

I now actually have most of the code for that and a substantial rationale document, both in a first draft sort of state.

I have worked out how to use a block cipher in a way that has the hard-to-invert property and does not either lose state when it rekeys or encrypt successive counter values with a small Hamming difference. It is fairly complex.

> Currently the driver uses SHA-1 for all three. ...

Having looked at the block cipher method in some detail, I've now concluded that it is better to just use a hash which is non-invertible by design and does not make analysis more difficult. I may eventually have code & rationale for that too, but almost certainly not soon.
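The two properties the message contrasts, the small Hamming difference between successive counter-mode inputs and a block cipher being invertible to anyone holding its key versus a hash being non-invertible by design, can be made concrete with a toy model. The following Go program is an added illustration, not Sandy Harris's draft code nor the kernel's random(4) driver: the plain AES-in-counter-mode extractor and the SHA-256 pool-then-counter extractor are my own simplified constructions (the kernel uses neither as written), the key and pool values are constructed demo constants, and the `HashOutput` pool-advance rule is an assumption chosen only to show that the state which produced an output need not be retained.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// HammingDistance counts the bits that differ between two equal-length byte slices.
func HammingDistance(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// counterBlock encodes a 64-bit counter as a 16-byte AES block (big-endian, high bytes zero).
func counterBlock(ctr uint64) []byte {
	blk := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(blk[8:], ctr)
	return blk
}

// SuccessiveCounterDistance is the Hamming distance between the input blocks for ctr and
// ctr+1: the "small Hamming difference" between successive counter-mode plaintexts.
func SuccessiveCounterDistance(ctr uint64) int {
	return HammingDistance(counterBlock(ctr), counterBlock(ctr+1))
}

// CtrOutput is the naive counter-mode extractor (toy model): output_i = AES_key(counter_i).
func CtrOutput(key []byte, ctr uint64) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, counterBlock(ctr))
	return out, nil
}

// CtrInvert shows why a bare block cipher lacks the hard-to-invert property: whoever holds
// the key can decrypt an output block and recover the exact counter that produced it.
func CtrInvert(key, out []byte) (uint64, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return 0, err
	}
	blk := make([]byte, aes.BlockSize)
	c.Decrypt(blk, out)
	return binary.BigEndian.Uint64(blk[8:]), nil
}

// HashOutput is a toy hash-based extractor (assumed construction, not the kernel's):
// output = SHA-256(pool || counter), then the pool is advanced as SHA-256(pool || output),
// so the state that produced a given output is not kept around. Returns (output, newPool).
func HashOutput(pool []byte, ctr uint64) ([]byte, []byte) {
	out := sha256.Sum256(append(append([]byte{}, pool...), counterBlock(ctr)...))
	next := sha256.Sum256(append(append([]byte{}, pool...), out[:]...))
	return out[:], next[:]
}

// HashOutputDistance measures how far apart the hash extractor's outputs for ctr and ctr+1
// are, even though the inputs differ in only a few bits.
func HashOutputDistance(pool []byte, ctr uint64) int {
	a, _ := HashOutput(pool, ctr)
	b, _ := HashOutput(pool, ctr+1)
	return HammingDistance(a, b)
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 16) // constructed demo key, not a real secret
	for _, ctr := range []uint64{0, 1, 7, 255} {
		fmt.Printf("counter %d -> %d: input blocks differ in %d bit(s)\n",
			ctr, ctr+1, SuccessiveCounterDistance(ctr))
	}
	out, _ := CtrOutput(key, 7)
	back, _ := CtrInvert(key, out)
	fmt.Printf("AES-CTR output for counter 7 decrypts back to counter %d\n", back)

	pool := bytes.Repeat([]byte{0x01}, 32) // constructed demo pool state
	fmt.Printf("hash outputs for counters 7 and 8 differ in %d of 256 bits\n",
		HashOutputDistance(pool, 7))
}
```

Running it shows successive counter blocks differing in one to a handful of bits while the hash outputs for the same pair of counters differ in roughly half their bits, and that the counter-mode output decrypts straight back to its counter once the key is known; the hash extractor offers no such inverse, which is the "non-invertible by design" point of the message.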